CVE-2010-3898
Severity
5.0MEDIUM
EPSS
0.3%
top 47.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 12
Latest updateMay 14
Description
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9